Re: howcome there's no DSA for the latest Linux ptrace hole?
>Howcome I don't see a Debian security advisory about the recently-found
>ptrace hole in Linux?
>
>Is it not really a hole? Or something?
>
>I think there should be an announcement even if the Debian kernels are
>not vulnerable, to explain that they're not.
>
>Are the Debian kernels vulnerable to this hole?
At least the 2.4.19 is vulnerable.
A quick patch is to put a invalid binary on /proc/sys/kernel/modprobe
instead of the real modprobe binary, and then you have time to compile
out your kernel without having to run... :)
--
bisho! _ -=] 21/03/2003 [=-
_ ^( ) _
( ( ) ) \ \___,,,
( ) / _____ >-
( :: ) >==-
'. |::| , >==-
\\::// [ PACE, NOT WAR ]
Reply to: